Timeout Session on the Now Mobile App?

John V
Tera Contributor

Hello all, 

We are trying to setup an auto logout feature for the Now Mobile app. We would like end users to have to re-authenticate every X days for security requirements and such. It would appear that for the Classic and Agent mobile apps, there are corresponding OAuth tokens in System OAuth > Application Registry. These tokens can be reset every X seconds so that the user has to login after X seconds of inactivity. The docs, make it seem like there should be an OAuth token for each of the mobile apps. 

However, I do not see an OAuth token for the Now Mobile app. Does anyone have any insight on how to set this up? Shouldn't it have been installed when we downloaded the Now Mobile plugins? Is it even possible to set this up currently?

Thank you in advance!

1 ACCEPTED SOLUTION

BryanS413339635
Tera Guru

I'm not 100% certain, but I think in Application Registry the one you want for Now Mobile is called ServiceNow Request. There is a separate entry for Now Agent. Then within the selection you can change the token lifespans.

 

If my reply has helped in any way, kindly mark it correct/helpful. Thanks!

View solution in original post

7 REPLIES 7

bernyalvarado
Mega Sage

Hi @John V , take a look to the following article.

I believe it will help you out: https://hi.service-now.com/kb_view.do?sysparm_article=KB0639134#:~:text=Set%20the%20OAuth%20refresh%...

Thanks,

Berny

bernyalvarado
Mega Sage

How to


How to validate session timeout settings are working in the native mobile apps

In this example, we want the native mobile apps to log out after 30 minutes of inactivity.

Configure these settings on your instance:

  • Set the OAuth refresh token lifespan for the ServiceNow Mobile App record in the oauth_entity table to 1800 seconds
  • Set the OAuth access token lifespan for the ServiceNow Mobile App record in the oauth_entity table to 1800 seconds or less
  • Set the web session timeout defined by the glide.ui.session_timeout system property to 30 minutes or less
  • Ensure that the integration session timeout defined by the glide.integration.session_timeout system property is either not defined or set to 30 minutes or less. If this property is not defined, it will default to 5 minutes in Helsinki and 1 minute in Istanbul.

Test these timeout settings using the native mobile app:

  • Log out of your instance with the native mobile app. This is a critical step that will ensure the app uses tokens and sessions with the updated lifespans instead of using previously granted tokens or sessions with different lifespans.
  • Log in to your instance with the native mobile app
  • Send the app to the background (see "What determines session inactivity in the native mobile apps?" above)
  • Wait 30 to 35 minutes
  • Launch the app and notice that the user has been logged out

 

source: https://hi.service-now.com/kb_view.do?sysparm_article=KB0639134#:~:text=Set%20the%20OAuth%20refresh%...

 

Thanks,

Berny

bernyalvarado
Mega Sage

It's important to mention... that as you do any changes, the clients connected will need to logout so that the new expiration / timeout changes can take effect for them. 

Thanks,

Berny